Skip to content

Instantly share code, notes, and snippets.

View gemboxteam's full-sized avatar
🎯
Focusing

GemboxTeam gemboxteam

🎯
Focusing
9 followers · 9 following
  • Indonesia
View GitHub Profile
@gemboxteam
gemboxteam / service-checklist.md
Created May 30, 2023 07:12 — forked from jasonamyers/service-checklist.md
Internet Scale Services Checklist

Internet Scale Services Checklist

A checklist for designing and developing internet scale services, inspired by James Hamilton's 2007 paper "On Desgining and Deploying Internet-Scale Services."

Basic tenets

  • Does the design expect failures to happen regularly and handle them gracefully?
  • Have we kept things as simple as possible?
@gemboxteam
gemboxteam / test.sh
Created September 21, 2022 02:40 — forked from gbrayut/test.sh
Firewall Testing
#Test all A entries for a DNS record to see if you can connect to port 443:
dig +short microsoft.com. | xargs -I {} nc -v -w2 {} 443
#Example of output
Connection to 191.239.213.197 443 port [tcp/https] succeeded!
Connection to 104.43.195.251 443 port [tcp/https] succeeded!
Connection to 104.40.211.35 443 port [tcp/https] succeeded!
Connection to 23.100.122.175 port 443 (tcp) timed out: Operation now in progress
Connection to 23.96.52.53 443 port [tcp/https] succeeded!
@gemboxteam
gemboxteam / NetSecCheck.md
Created March 4, 2021 01:46 — forked from MrMugiwara/NetSecCheck.md
Network Security VAPT Checklist

Hi dear reader, there are very few technical network security assessment checklist. So I thought to share my own on this. Have a look and enjoy. Lets talk about the scope first. If you are given a 1000 machines to perform VAPT, then here is your scope. Single machine can have 65535 ports open. Any single port can deploy any service software from the world. For example FTP can be run on smartftp, pureftpd etc.. Any single FTP software version (for example pureftpd 1.0.22) can have number of vulnerabilities available. So if you multiply all of these, then it is impossible for any auditor to go ahead and probe all ports manually and find services manually. Even if he/she is able to do it, it is impossible to check all vulnerabilities that are pertaining to a single port of a single machine. Hence we have to rely on scanners such as nexpose, nessus, openvas, coreimpact etc. Here are some quick tools and test cases that one can perform on commonly found ports in the network pentest.

Identify live host

@gemboxteam
gemboxteam / http-tomcat-manager.nse
Created June 25, 2020 05:41 — forked from initbrain/http-tomcat-manager.nse
Nmap NSE script that performs a dictionary/bruteforce attack over login and password fields of Apache Tomcat default web management pages
local shortport = require "shortport"
local http = require "http"
local stdnse = require "stdnse"
local brute = require "brute"
local creds = require "creds"
description = [[
Performs a dictionary/bruteforce attack over login and password fields of Apache Tomcat default web management pages.
]]
@gemboxteam
gemboxteam / tomcat_bruteforce.py
Created June 25, 2020 05:37 — forked from th3gundy/tomcat_bruteforce.py
Tomcat manager console bruteforce
"""
Tomcat bruteforce
Author: @itsecurityco
"""
import os
import sys
import getopt
import base64
import requests
@gemboxteam
gemboxteam / clean.sh
Created April 7, 2020 09:25 — forked from Iman/clean.sh
Free up disk space on Ubuntu - clean log, cache, archive packages/apt archives, orphaned packages, old kernel and remove the trash
#!/bin/sh
#Check the Drive Space Used by Cached Files
du -sh /var/cache/apt/archives
#Clean all the log file
#for logs in `find /var/log -type f`; do > $logs; done
logs=`find /var/log -type f`
for i in $logs